diff options
| author | Julius Werner <jwerner@chromium.org> | 2020-05-06 17:06:35 -0700 |
|---|---|---|
| committer | Julius Werner <jwerner@chromium.org> | 2020-12-03 00:11:08 +0000 |
| commit | fdabf3fcd792e5939445233c74eb8bf3bb73de39 (patch) | |
| tree | 2e197225a159c20a533e267d728326709711e690 /src/include | |
| parent | 0ba16637d8f12fe9ba8388222cfa71fc5206c0f3 (diff) | |
| download | coreboot-fdabf3fcd792e5939445233c74eb8bf3bb73de39.tar.gz coreboot-fdabf3fcd792e5939445233c74eb8bf3bb73de39.tar.bz2 coreboot-fdabf3fcd792e5939445233c74eb8bf3bb73de39.zip | |
cbfs: Add verification for RO CBFS metadata hash
This patch adds the first stage of the new CONFIG_CBFS_VERIFICATION
feature. It's not useful to end-users in this stage so it cannot be
selected in menuconfig (and should not be used other than for
development) yet. With this patch coreboot can verify the metadata hash
of the RO CBFS when it starts booting, but it does not verify individual
files yet. Likewise, verifying RW CBFSes with vboot is not yet
supported.
Verification is bootstrapped from a "metadata hash anchor" structure
that is embedded in the bootblock code and marked by a unique magic
number. This anchor contains both the CBFS metadata hash and a separate
hash for the FMAP which is required to find the primary CBFS. Both are
verified on first use in the bootblock (and halt the system on failure).
The CONFIG_TOCTOU_SAFETY option is also added for illustrative purposes
to show some paths that need to be different when full protection
against TOCTOU (time-of-check vs. time-of-use) attacks is desired. For
normal verification it is sufficient to check the FMAP and the CBFS
metadata hash only once in the bootblock -- for TOCTOU verification we
do the same, but we need to be extra careful that we do not re-read the
FMAP or any CBFS metadata in later stages. This is mostly achieved by
depending on the CBFS metadata cache and FMAP cache features, but we
allow for one edge case in case the RW CBFS metadata cache overflows
(which may happen during an RW update and could otherwise no longer be
fixed because mcache size is defined by RO code). This code is added to
demonstrate design intent but won't really matter until RW CBFS
verification can be supported.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I8930434de55eb938b042fdada9aa90218c0b5a34
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41120
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/cbfs.h | 10 | ||||
| -rw-r--r-- | src/include/cbfs_glue.h | 15 | ||||
| -rw-r--r-- | src/include/metadata_hash.h | 21 |
3 files changed, 44 insertions, 2 deletions
diff --git a/src/include/cbfs.h b/src/include/cbfs.h index 8d4c2209d2e7..cad01c623d41 100644 --- a/src/include/cbfs.h +++ b/src/include/cbfs.h @@ -7,6 +7,7 @@ #include <commonlib/cbfs.h> #include <program_loading.h> #include <types.h> +#include <vb2_sha.h> /*********************************************** * Perform CBFS operations on the boot device. * @@ -74,4 +75,13 @@ void cbfs_boot_device_find_mcache(struct cbfs_boot_device *cbd, uint32_t id); */ const struct cbfs_boot_device *cbfs_get_boot_device(bool force_ro); +/* + * Builds the mcache (if |cbd->mcache| is set) and verifies |metadata_hash| (if + * it is not NULL). If CB_CBFS_CACHE_FULL is returned, the mcache is incomplete + * but still valid and the metadata hash was still verified. Should be called + * once per *boot* (not once per stage) before the first CBFS access. + */ +cb_err_t cbfs_init_boot_device(const struct cbfs_boot_device *cbd, + struct vb2_hash *metadata_hash); + #endif diff --git a/src/include/cbfs_glue.h b/src/include/cbfs_glue.h index ebfbc2e7ae97..ffca83ef0604 100644 --- a/src/include/cbfs_glue.h +++ b/src/include/cbfs_glue.h @@ -5,8 +5,19 @@ #include <commonlib/region.h> #include <console/console.h> - -#define CBFS_ENABLE_HASHING 0 +#include <rules.h> + +/* + * This flag prevents linking hashing functions into stages where they're not required. We don't + * need them at all if verification is disabled. If verification is enabled without TOCTOU + * safety, we only need to verify the metadata hash in the initial stage and can assume it stays + * valid in later stages. If TOCTOU safety is required, we may need them in every stage to + * reverify metadata that had to be reloaded from flash (e.g. because it didn't fit the mcache). + * Note that this only concerns metadata hashing -- file access functions may still link hashing + * routines independently for file data hashing. + */ +#define CBFS_ENABLE_HASHING (CONFIG(CBFS_VERIFICATION) && \ + (CONFIG(TOCTOU_SAFETY) || ENV_INITIAL_STAGE)) #define ERROR(...) printk(BIOS_ERR, "CBFS ERROR: " __VA_ARGS__) #define LOG(...) printk(BIOS_ERR, "CBFS: " __VA_ARGS__) diff --git a/src/include/metadata_hash.h b/src/include/metadata_hash.h new file mode 100644 index 000000000000..2d3b8a86bc05 --- /dev/null +++ b/src/include/metadata_hash.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* This file is part of the coreboot project. */ + +#ifndef _METADATA_HASH_H_ +#define _METADATA_HASH_H_ + +#include <commonlib/bsd/metadata_hash.h> + +/* Verify the an FMAP data structure with the FMAP hash that is stored together with the CBFS + metadata hash in the bootblock's metadata hash anchor (when CBFS verification is enabled). */ +vb2_error_t metadata_hash_verify_fmap(const void *fmap_base, size_t fmap_size); + +#if CONFIG(CBFS_VERIFICATION) +/* Get the (RO) CBFS metadata hash for this CBFS image, which forms the root of trust for CBFS + verification. This function is only available in the bootblock. */ +struct vb2_hash *metadata_hash_get(void); +#else +static inline struct vb2_hash *metadata_hash_get(void) { return NULL; } +#endif + +#endif |